This site uses cookies to deliver our services and to show you relevant ads and job listings.
By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.
Your use of Stack Overflow’s Products and Services, including the Stack Overflow Network, is subject to these policies and terms.

Join us in building a kind, collaborative learning community via our updated
Code of Conduct.

I would like to be able to prompt for my super secure password variable if it is not already in the environment variables. (I'm thinking that I might not want to put the definition into .bash_profile or one of the other spots.)

@AnnTheAgile When you hardcode the above variable (SSHPWD) to some dummy / actual value, did the above piece of code work for you, i.e. for NOT prompting you at all? My understanding is, it'll alway prompt you no matter whether SSHPWD was set to null or was set to a valid value (if hardcoded to some value instead of using/depending upon an ENV variable).
– Arun SangalJan 2 '17 at 13:43

5 Answers
5

According to the replies from the devs and a quick test I've done with the latest version, the vars_prompt is run before "GATHERING FACTS". This means that the env var SSHPWD is always null at the time of your check with when.

Unfortunately it seems there is no way of allowing the vars_prompt statement at task level.

Michael DeHaan's reasoning for this is that allowing prompts at the task-level would open up the doors to roles asking a lot of questions. This would make using Ansible Galaxy roles which do this difficult:

There's been a decided emphasis in automation in Ansible and asking questions at task level is not something we really want to do.

However, you can still ask vars_prompt questions at play level and use those variables throughout tasks. You just can't ask questions in roles.

And really, that's what I would like to enforce -- if a lot of Galaxy roles start asking questions, I can see that being annoying :)

This is indeed not possible by default in Ansible. I understand the reasoning behind not allowing it, yet I think it can be appropriate in some contexts. I've been writing an AWS EC2 deploy script, using the blue/green deploy system, and at some point in the role I need to ask the user if a rollback needs to be done if something has gone awry. As said, there is no way to do this (conditionally and/or non-fugly).

So I wrote a very simple Ansible (2.x) action plugin, based on the pause action from the standard library. It a bit spartan in that it only accepts a single key press, but it might be of use. You can find it in a Github gist here. You need to copy the whole Gist file to the action_plugins directory of your playbook directory. See the documentation in the file.

Pleae include the relevant part of your link in your answer. GitHub depositories may change at any time. Thanks.
– zx485Mar 21 '16 at 16:36

The whole file is the relevant part. It's a module than needs to be included wholly to add extra functionality to Ansible. I added a bit more documentation to the anwer. If you mean 'relevant git commit': if I find a bug tomorrow I want future visitors to see the newer version.
– ConfiksMar 21 '16 at 17:46